CORDA-3871: New integration test for handshake timeout in AMQPClient (#6519)

* CORDA-3871: Import external code

Compiles, but does not work for various reasons

* CORDA-3871: More improvements to imported code

Currently fails due to keystores not being found

* CORDA-3871: Initialise keystores for the server

Currently fails due to keystores for client not being found

* CORDA-3871: Configure certificates to client

The program started to run

* CORDA-3871: Improve debug output

* CORDA-3871: Few more minor changes

* CORDA-3871: Add AMQPClient test

Currently fails due to `localCert` not being set

* CORDA-3871: Configure server to demand client to present its certificate

* CORDA-3871: Changes to the test to make it pass

ACK status is not delivered as server is not talking AMQP

* CORDA-3871: Add delayed handshake scenario

* CORDA-3871: Tidy-up imported classes

* CORDA-3871: Hide thread creation inside `ServerThread`

* CORDA-3871: Test description

* CORDA-3871: Detekt baseline update

* CORDA-3871: Trigger repeated execution of new tests

To make sure they are not flaky

* CORDA-3871: Improve robustness of the newly introduced tests

* CORDA-3871: Improve robustness of the newly introduced tests

* CORDA-3871: New tests proven to be stable - reduce number of iterations to 1

* CORDA-3871: Adding Alex Karnezis to the list of contributors
Viktor Kolomeyko
2020-07-31 09:26:32 +01:00
committed by GitHub
parent 68feb1c35f
commit c498c5bf7c
8 changed files with 1098 additions and 79 deletions


@ -200,10 +200,7 @@ internal fun createClientSslHelper(target: NetworkHostAndPort,
expectedRemoteLegalNames: Set<CordaX500Name>,
keyManagerFactory: KeyManagerFactory,
trustManagerFactory: TrustManagerFactory): SslHandler {
val sslContext = SSLContext.getInstance("TLS")
val keyManagers = keyManagerFactory.keyManagers
val trustManagers = trustManagerFactory.trustManagers.filterIsInstance(X509ExtendedTrustManager::class.java).map { LoggingTrustManagerWrapper(it) }.toTypedArray()
sslContext.init(keyManagers, trustManagers, newSecureRandom())
val sslContext = createAndInitSslContext(keyManagerFactory, trustManagerFactory)
val sslEngine = sslContext.createSSLEngine(target.host, target.port)
sslEngine.useClientMode = true
sslEngine.enabledProtocols = ArtemisTcpTransport.TLS_VERSIONS.toTypedArray()
@ -239,10 +236,7 @@ internal fun createClientOpenSslHandler(target: NetworkHostAndPort,
internal fun createServerSslHandler(keyStore: CertificateStore,
keyManagerFactory: KeyManagerFactory,
trustManagerFactory: TrustManagerFactory): SslHandler {
val sslContext = SSLContext.getInstance("TLS")
val keyManagers = keyManagerFactory.keyManagers
val trustManagers = trustManagerFactory.trustManagers.filterIsInstance(X509ExtendedTrustManager::class.java).map { LoggingTrustManagerWrapper(it) }.toTypedArray()
sslContext.init(keyManagers, trustManagers, newSecureRandom())
val sslContext = createAndInitSslContext(keyManagerFactory, trustManagerFactory)
val sslEngine = sslContext.createSSLEngine()
sslEngine.useClientMode = false
sslEngine.needClientAuth = true
@ -256,6 +250,15 @@ internal fun createServerSslHandler(keyStore: CertificateStore,
return SslHandler(sslEngine, false, LoggingImmediateExecutor)
}
fun createAndInitSslContext(keyManagerFactory: KeyManagerFactory, trustManagerFactory: TrustManagerFactory): SSLContext {
val sslContext = SSLContext.getInstance("TLS")
val keyManagers = keyManagerFactory.keyManagers
val trustManagers = trustManagerFactory.trustManagers.filterIsInstance(X509ExtendedTrustManager::class.java)
.map { LoggingTrustManagerWrapper(it) }.toTypedArray()
sslContext.init(keyManagers, trustManagers, newSecureRandom())
return sslContext
}
@VisibleForTesting
fun initialiseTrustStoreAndEnableCrlChecking(trustStore: CertificateStore, revocationConfig: RevocationConfig): ManagerFactoryParameters {
val pkixParams = PKIXBuilderParameters(trustStore.value.internal, X509CertSelector())
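Review bot: In the new `createAndInitSslContext`, `filterIsInstance(X509ExtendedTrustManager::class.java)` silently drops every trust manager of another type, so a factory that yields none leaves `trustManagers` empty and `sslContext.init` is still called. What the handshake does with an empty array is then decided by the JSSE provider, not by this code. Now that both the client and server paths go through this one helper, a guard before `init` would make the failure explicit, e.g. `require(trustManagers.isNotEmpty()) { "No X509ExtendedTrustManager supplied by trustManagerFactory" }`. The helper is also declared as plain `fun`, so it is public while both of its callers are `internal`. If it was widened for the new integration tests, marking it `@VisibleForTesting` like `initialiseTrustStoreAndEnableCrlChecking` and adding a one-line KDoc on the logging wrapper would record that intent. The body of `initialiseTrustStoreAndEnableCrlChecking` continues outside the visible hunk.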